Python: OpenVPN doesn't see changes in MySQL database
On OpenVPN, I installed the script "post_auth_mac_address_checking.py" to check the client's MAC address during the VPN connection. For the MAC addresses, it works with a local MySQL database.
My problem is that when I make changes in the MySQL database (adding or removing a MAC address), OpenVPN (sacli?) does not see these changes.
How can I "force" OpenVPN to execute the script for every connection? Is there a script cache that needs to be refreshed?
Thanks for your help.
The script:
#!/usr/bin/env python
import uuid
import re
import MySQLdb
import sys
from pyovpn.plugin import *

# If this is set to "NONE" or "DISABLED" then the server administrator must
# always manually register each MAC/UUID address by hand on the command line.
first_login_ip_addr="NONE"

# If False or undefined, AS will call us asynchronously in a worker thread.
# If True, AS will call us synchronously (server will block during call),
# however we can assume asynchronous behavior by returning a Twisted
# Deferred object.
SYNCHRONOUS=False

# Get authorized MAC addresses in the mysql database
conn = MySQLdb.connect(host='127.0.0.1',user='xxx',passwd='xxx',db='xxx')
with conn as cur:
    cur = conn.cursor()
    cur.execute("SET SESSION TRANSACTION ISOLATION LEVEL READ COMMITTED")
    result_iso = cur.fetchall()[0]
    cur.execute("SELECT mac_address FROM whitelist_mac;")
    results = cur.fetchall()
    whitelistmac = [row[0] for row in results]

# this function is called by the Access Server after normal VPN or web authentication
def post_auth(authcred, attributes, authret, info):
    print "********** POST_AUTH", authcred, attributes, authret, info

    # get the phone's MAC address
    from uuid import getnode
    MAC_phone = (':'.join(re.findall('..', '%012x' % uuid.getnode())))

    # get user's property list, or create it if absent
    proplist = authret.setdefault('proplist', {})

    # user properties to save - we will use this to pass the hw_addr_save property to be
    # saved in the user property database.
    proplist_save = {}

    error = ""

    # The 'error' text goes to the VPN client and is shown to the user.
    # The 'print' lines go to the log file at /var/log/openvpnas.log (by default).
    if attributes.get('vpn_auth'):                   # only do this for VPN authentication
        hw_addr = authcred.get('client_hw_addr')     # MAC address reported by the VPN client
        username = authcred.get('username')          # User name of the VPN client login attempt
        clientip = authcred.get('client_ip_addr')    # IP address of VPN client login attempt

        if hw_addr or MAC_phone:
            if (hw_addr or MAC_phone) in whitelistmac:
                print "***** POST_AUTH MAC CHECK: account user name : %s" % username
                print "***** POST_AUTH MAC CHECK: client IP address : %s" % clientip
                if hw_addr:
                    print "***** POST_AUTH MAC CHECK: PC MAC address : %s" % hw_addr
                else:
                    print "***** POST_AUTH MAC CHECK: Phone MAC address : %s" % MAC_phone
                print "***** POST_AUTH MAC CHECK: connection attempt : SUCCESS"
            else:
                error = "Le client n'est pas autorisé à se connecter."
                print "***** POST_AUTH MAC CHECK: account user name : %s" % username
                print "***** POST_AUTH MAC CHECK: client IP address : %s" % clientip
                if hw_addr:
                    print "***** POST_AUTH MAC CHECK: PC MAC address : %s" % hw_addr
                else:
                    print "***** POST_AUTH MAC CHECK: Phone MAC address : %s" % MAC_phone
                print "***** POST_AUTH MAC CHECK: connection attempt : FAILED"
        else:
            error = "L'adresse MAC du client n'a pas été diffusé."
            print "***** POST_AUTH MAC CHECK: account user name : %s" % username
            print "***** POST_AUTH MAC CHECK: client IP address : %s" % clientip
            print "***** POST_AUTH MAC CHECK: Phone MAC address : %s" % MAC_phone
            print "***** POST_AUTH MAC CHECK: PC MAC address : NONE REPORTED"
            print "***** POST_AUTH MAC CHECK: action taken : VPN connection denied with a suitable error message."
            print "***** POST_AUTH MAC CHECK: connection attempt : FAILED"

    # process error, if one occurred
    if error:
        authret['status'] = FAIL
        authret['reason'] = error          # this error string is written to the server log file
        authret['client_reason'] = error   # this error string is reported to the client user

    return authret, proplist_save

if conn:
    conn.close()

From:
If you make changes to the mac.py file, you need to use the above commands again to load the new version of the script into the configuration database and reload the configuration of the Access Server.
You need to remove the old script:
cd /usr/local/openvpn_as/scripts
./sacli -k auth.module.post_auth_script ConfigDel
./sacli start
Then add the new script:
cd /usr/local/openvpn_as/scripts
./sacli -k auth.module.post_auth_script --value_file=/root/mac.py ConfigPut
./sacli start
(assuming your script is located at /root/mac.py)

Nobody knows? ... Maybe my question isn't clear enough? :(

Thank you very much for your reply, but I didn't make any changes to the script (I modified the original script once). I only made some changes to the MySQL data, and the script doesn't see anything.
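
Added example, not part of the original posts or of OpenVPN's own code: in the script as posted, the whitelist is read once by the module-level code and post_auth only consults that in-memory list, so a removed MAC stays allowed and an added one stays denied until the script is loaded again. The sketch below contrasts that snapshot with a lookup done at call time; it assumes Python 3 and uses sqlite3 in place of MySQLdb so it runs offline, and the helper names and MAC values are constructed for illustration.

```python
import re
import sqlite3

MAC_RE = re.compile(r"[0-9a-f]{2}(?:[:-][0-9a-f]{2}){5}")

def open_db():
    # Assumption: sqlite3 stands in for MySQLdb so this runs offline.
    # Table and column names are taken from the posted script.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE whitelist_mac (mac_address TEXT PRIMARY KEY)")
    conn.execute("INSERT INTO whitelist_mac VALUES ('aa:bb:cc:dd:ee:01')")  # constructed
    conn.commit()
    return conn

def normalize_mac(mac):
    """Return the lower-case, colon-separated MAC, or None if malformed."""
    if not mac:
        return None
    mac = mac.strip().lower()
    return mac.replace("-", ":") if MAC_RE.fullmatch(mac) else None

def load_snapshot(conn):
    # What the posted script does at module level: one SELECT at load time.
    return [row[0] for row in conn.execute("SELECT mac_address FROM whitelist_mac")]

def allowed_live(conn, hw_addr):
    """Look the MAC up at call time, as post_auth would on every login."""
    mac = normalize_mac(hw_addr)
    if mac is None:
        return False  # fail closed: nothing usable was reported
    # Bound parameter; with MySQLdb the placeholder is %s instead of ?.
    row = conn.execute(
        "SELECT 1 FROM whitelist_mac WHERE mac_address = ?", (mac,)).fetchone()
    return row is not None

def demo():
    conn = open_db()
    snapshot = load_snapshot(conn)  # taken before the table changes
    old, new = "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"  # constructed values
    conn.execute("DELETE FROM whitelist_mac WHERE mac_address = ?", (old,))
    conn.execute("INSERT INTO whitelist_mac VALUES (?)", (new,))
    conn.commit()
    return {
        "snapshot_allows_removed": old in snapshot,
        "snapshot_allows_added": new in snapshot,
        "live_allows_removed": allowed_live(conn, old),
        "live_allows_added": allowed_live(conn, new),
    }

if __name__ == "__main__":
    print(demo())
```

In the Access Server script the equivalent change is to open the MySQLdb connection and run the SELECT inside post_auth, closing the connection before returning.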